GUIDE FOR THE COLLECTION OF INTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE
During the COVID-19 pandemic, when most businesses were not equipped for remote work and cloud computing, we saw a significant surge in ransomware attacks. This study aims to use machine learning and artificial intelligence to prevent known and unknown malware threats from being exploited by threat actors when developers build and deploy applications to the cloud. The study used an experimental quantitative research design based on Aqua. The experiment's sample is a Docker image. Aqua checked the Docker image for malware, sensitive data, Critical/High vulnerabilities, misconfiguration, and OSS license. The data collection approach is experimental. Our analysis of the experiment demonstrated how unapproved images were prevented from running anywhere in our environment based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration. In addition to the experiment, the forensic data collected in the build and deployment phase are exploitable vulnerability, Critical/High Vulnerability Score, Misconfiguration, Sensitive Data, and Root User (Super User). Since Aqua generates a detailed audit record for every event during risk assessment and runtime, we viewed two events on the Audit page for our experiment. One event raised an alert due to two failed controls (Vulnerability Score, Super User); the other was a successful event, meaning that the image is secure to deploy in the production environment. The primary finding of our study is the forensic data associated with the two events on the Audit page in Aqua. In addition, Aqua validated our security controls and runtime policies based on the forensic data of both events on the Audit page. Finally, the study's conclusions will reduce the likelihood that organizations fall victim to ransomware by mitigating and preventing the total damage caused by a malware attack.
Secure Healthcare Data Storage and Transmission: A Review of Current Technologies and Future Directions
The development of websites, applications, and the first social networks profoundly altered everyone's life and became the catalyst for advancement on a global scale. The days of immovable points, phones, and printing presses are long gone. But is everything really as perfect as it looks? Perhaps the most contentious thing in history is progress. Thanks to the Internet, we now have the freedom to express our ideas without fear, connect with individuals around the globe, and access a seemingly limitless amount of knowledge. But as time goes on, concerns about the cloudlessness of virtual existence become more and more prevalent; we have been captured by things that do not exist in reality. Apart from well-known hazards like terrorism and global warming, the growth of the Internet has given rise to entirely new and unknown perils that have infiltrated our lives. We refer to this phenomenon as "cybercrime". Any form of criminal activity carried out virtually is referred to as cybercrime. Ten to twenty years ago, this phenomenon was known only to specialists in the IT industry, and it is currently a worldwide issue. Although individuals and the IT sector receive adequate security measures and equipment, cybercrime is nevertheless increasing at a very rapid pace in parallel. There are many security problems and cyberthreats in the modern world. With new technology emerging daily, we can predict major issues down the road. In this work, secure healthcare data storage and transmission in a WAN area is discussed.
Ensemble Learning based Anomaly Detection for IoT Cybersecurity via Bayesian Hyperparameters Sensitivity Analysis
The Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices with little to no human intervention. IoT enables data aggregation and analysis on a large scale to improve life quality in many domains. In particular, data collected by IoT contain a tremendous amount of information for anomaly detection. The heterogeneous nature of IoT is both a challenge and an opportunity for cybersecurity. Traditional approaches in cybersecurity monitoring often require different kinds of data pre-processing and handling for various data types, which might be problematic for datasets that contain heterogeneous features. However, heterogeneous types of network devices can often capture a more diverse set of signals than a single type of device readings, which is particularly useful for anomaly detection. In this paper, we present a comprehensive study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection. Rather than using one single machine learning model, ensemble learning combines the predictive power from multiple models, enhancing their predictive accuracy on heterogeneous datasets. We propose a unified framework with ensemble learning that utilises Bayesian hyperparameter optimisation to adapt to a network environment that contains multiple IoT sensor readings. Experimentally, we illustrate their high predictive power when compared to traditional methods.
Tiresias: Predicting Security Events Through Deep Learning
With the increased complexity of modern computer attacks, there is a need for defenders not only to detect malicious activity as it happens, but also to predict the specific steps that will be taken by an adversary when performing an attack. However, this is still an open research problem, and previous research in predicting malicious events only looked at binary outcomes (e.g., whether an attack would happen or not), but not at the specific steps that an attacker would undertake. To fill this gap we present Tiresias, a system that leverages Recurrent Neural Networks (RNNs) to predict future events on a machine, based on previous observations. We test Tiresias on a dataset of 3.4 billion security events collected from a commercial intrusion prevention system, and show that our approach is effective in predicting the next event that will occur on a machine with a precision of up to 0.93. We also show that the models learned by Tiresias are reasonably stable over time, and provide a mechanism that can identify sudden drops in precision and trigger a retraining of the system. Finally, we show that the long-term memory typical of RNNs is key in performing event prediction, rendering simpler methods not up to the task.
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis, but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnet families in real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated for further comparison: Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic, CIC-AWS-2018 and ISOT HTTP Botnet. Given the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improved classification results for the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal, which showed that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios was deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns.